> On Wed, Dec 1, 2010 at 5:22 PM, Andrew Morton <akpm@linux-foundation.org> wrote:
> >
> > What we're talking about is races against memory reclaim, unmount, etc.
>
> Ahh. Those I can believe in. Although I think they'd almost
> incidentally be fixed by making inode freeing (which is where the
> 'struct address_space' is embedded) RCU-safe, which we're going to do
> anyway in 38. Then we could make the vmscan code just be a rcu-read
> section.

I didn't know that aspect of it. It will be nice to plug this race - it's been there for so long because nobody was able to think of an acceptable way of fixing it by direct means (synchronous locking, refcounting, etc). Taking a ref on the inode doesn't work, because we can't run iput_final() in direct-reclaim contexts (lock ordering snafus).

vmscan is the problematic path - I _think_ all other code paths which remove pagecache have an inode ref. But this assumes that inode->i_mapping points at inode->i_data! Need to think about the situation where it points at a different inode's i_data - in that case these callers may have a ref on the wrong inode.

> Of course, I do think the race is basically impossible to hit in
> practice regardless.

Actually I was able to hit the race back in late 2.5 or thereabouts. Really massive memory pressure caused vmscan->icache_shrinker to free the inode/address_space while another CPU in vmscan was playing with the address_space. That was quite a debugging session ;)